MariaDB SSL
Create keys and certificates
<syntaxhighlight lang=bash> openssl genrsa 2048 > ca-key.pem openssl req -new -x509 -nodes -days 3600 -key ca-key.pem -out ca-cert.pem -subj '/C=DE/ST=Hamburg/L=Hamburg/O=Spiders Cave/CN=db-server' </source>
<syntaxhighlight lang=bash> openssl req -newkey rsa:2048 -days 3600 -nodes -keyout client-key.pem -out client-req.pem -subj '/C=DE/ST=Hamburg/L=Hamburg/O=Spiders Cave/CN=web-server.domain.de' openssl rsa -in client-key.pem -out client-key.pem openssl x509 -req -in client-req.pem -days 3600 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 -out client-cert.pem </source>
<syntaxhighlight lang=bash> openssl req -newkey rsa:2048 -days 3600 -nodes -keyout server-key.pem -out server-req.pem -subj '/C=DE/ST=Hamburg/L=Hamburg/O=Spiders Cave/CN=db-server.domain.de' openssl rsa -in server-key.pem -out server-key.pem openssl x509 -req -in server-req.pem -days 3600 -CA ca-cert.pem -CAkey ca-key.pem -set_serial 01 -out server-cert.pem </source>
<syntaxhighlight lang=bash> chown mysql:www-data * chown www-data:www-data client-key.pem chmod 644 *-cert.pem chmod 600 *-key.pem </source>
<syntaxhighlight lang=php>
- php -r '
$db = new PDO("mysql:host=db-server.domain.de;dbname=testdb", "ssltestuser", "ssltestuserpassword",
array(
PDO::MYSQL_ATTR_SSL_CA=>"/etc/mysql/ssl/ca-cert.pem",
PDO::MYSQL_ATTR_SSL_KEY=>"/etc/mysql/ssl/client-key.pem",
PDO::MYSQL_ATTR_SSL_CERT=>"/etc/mysql/ssl/client-cert.pem",
PDO::MYSQL_ATTR_SSL_CAPATH=>"/etc/ssl/certs"
)
);
$result = $db->query("SHOW STATUS LIKE \"SSL_%\"");
$result->execute();
$status=$result->fetchAll();
print_r($status);
' </source>
